2 matches found
CVE-2024-13810
The Zass - WooCommerce Theme for Handmade Artists and Artisans theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'zassimportzass' AJAX actions in all versions up to, and including, 3.9.9.10. This makes it possible for authenticated attackers, with...
CVE-2024-8430
The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spicestartersitesimportercreater function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to import demo conte...